Take server security seriously – and stop hackers in their tracks
Minimize the risk of server failures
Protect against data loss
Prevent the company’s IT from crashing
Protect file, print, mail, and web servers
Server security with PRTG
10 ways to improve the security of your servers
Servers are the backbone of any IT environment. Consequently, their security should be taken very seriously. The following 10 steps will help you ensure your servers stay as secure as possible:
- Secure the server room
- Build a minimal system
- Assign rights carefully
- Install antivirus software
- Set up a firewall
- Activate intrusion detection systems
- Encrypt sensitive data
- Keep software up-to-date
- Install centralized monitoring
- Train employees
Why is server security essential?
Servers are mainly responsible for ensuring employees, management, customers, and partners have constant access to the company’s services. Servers are at the heart of all business activity: data swapping, work process optimization, and the services associated with individual tasks. Because they are so vital to the proper functioning of a company’s daily work, servers are an attractive target for hackers.
If a server goes down, the entire company is paralyzed:
- IT failure, interruption of business processes
- Data loss and limited access to data
- Faulty or disabled applications (for employees)
- Blocked access to services (for customers)
- Contractual penalties for missed deadlines or non-compliance with SLAs
Server security must be optimized to minimize the risk of crashes, corporate espionage, and other harmful situations. It should be built around a comprehensive strategy providing extensive and long-lasting protection against risks. Interfaces to the Internet represent the biggest sources of risks, which means companies must do everything in their power to secure them. This includes installing antivirus software or firewalls, and monitoring for suspicious traffic. But servers themselves must also be protected, in particular from fire, humidity, power outages, break-ins, theft, and sabotage.
Your network security at a glance – even while on the go
PRTG is set up in a matter of minutes and can be used on a wide variety of mobile devices.
Server security measures
Server room security
When people think of server security, they usually think of providing protection from dangerous hackers who launch attacks via the Internet. But even with the current Cloud revolution, servers are still stored in computer centers and server rooms. The hardware in these rooms must regularly be maintained and checked for wear and tear. This hardware is also exposed to a range of physical risks, including everything from fluctuations in voltage to earthquakes. And because of the central role played by servers, the problems that occur in the server room can quickly have an impact on the entire company.
Secure the surroundings
If possible, the servers should be set up in a separate building where you have total control over the room and its surroundings. However, such a setup only makes sense if your company has grown beyond a certain size. If the building is used for other purposes, then an individual fire detection system (at the very least) should be installed to help prevent fires in neighboring departments from reaching the server room.
The following security aspects should be taken into consideration for the area surrounding the server room:
How might the servers be put at risk by bordering rooms or adjacent floors? (For example, by a burst water pipe or increased visitor traffic which criminals could use to their advantage.)
All cables should be firmly in place inside the cable room, ideally under a raised floor. Another security measure involves the use of sockets with voltage regulators. In addition, all flammable objects should be kept a good distance from the server room. It is not recommended that the server room be used as an informal place of storage.
If possible, the server room should be equipped with its own electrical circuit to spare it from external power outages. Short circuits in neighboring departments should not have an impact on your servers. We recommend using an emergency generator to safeguard against large-scale power outages, especially if your servers are used for supplying services to other locations.
Natural hazards
Server hardware can also be affected by the temperature and humidity of the air in the room. Server rooms should therefore be equipped with air conditioners, heaters, and ventilation systems. If the room has windows, then it should be protected from any eventual rain or condensation. The presence of nearby water pipes (and their potentially dangerous effects) should also be taken into account. The room can be controlled by temperature and humidity sensors. These sensors should deliver their data to a centralized monitoring system so an alarm can be triggered in the event that the respective threshold values are exceeded.
The same goes for smoke detectors and fire detection systems. Automated fire extinguishing devices can save you having to purchase expensive new hardware down the line. The server room should also be equipped with hand-held fire extinguishers.
Since most servers and their components run non-stop and for years on end, even the most minimal risks become a real danger. You must therefore prepare for these risks as well. Depending on the geographical location, servers must be protected against earthquakes and other natural phenomena. One idea is to set up a second computer center in another location to provide for extra protection in the event of a total system failure.
Limiting access
Customer and company data saved on servers – and in corresponding storage systems – requires special protection. As a consequence, you will have to control who is able to access this data via the network. Access to the server room itself should also be dictated by a transparent set of rules. By controlling and keeping a record of access to the server room, tampering by unauthorized persons can be prevented or (at the very least) easily retraced.
It may seem trivial, but to prevent unauthorized persons from gaining access to the server room, you must come up with ways that make it as difficult as possible for such people to achieve their goal. One such strategy involves removing all signs pointing to the server room. After all, those who have access know where it is.
In addition, avoid setting up the server room next to a department with guest workstations. There should be no easy way for non-company employees to access the server room without the proper authorization. The server room itself should always be locked.
All access points to the server room (from the inside or outside) should be secured in such a way that even the most sophisticated break-in methods fail. After all, break-ins can also occur during the night, on weekends, and on holidays. It is not only important to secure doors and windows, but also portholes, ventilation shafts, and light wells. Additionally, you should think about where small rodents might be able to get in. Such openings include locks, grates, and security doors and windows.
It might also be a good idea to install a video surveillance system to monitor the entrance area and potential entry points in the surrounding area, all the while taking data protection regulations into account.
Access rights: knowing when and how to grant them
Security loopholes can arise when rights are granted in an inconsistent or random fashion. The company must clearly define who needs access to the server room, and who shall receive a chip card or key. All such access rights should be recorded in writing.
Furthermore, the company must ensure keys are returned when there is no longer any reason for people to have them. It must also have a clear-cut policy on what to do if a key or chip card goes missing, on the measures which are to be taken - and where a spare key is to be kept in the case of an emergency.
As is often the case for security-critical questions, the following principle applies: as little access as possible, and only as much as necessary. All access to and contact with IT systems should be documented and checked on a regular basis.
Server room monitoring
Ideally, sensors and alerts will be configured for each of these cases as part of your centralized monitoring environment, such that an alarm is sent to the manager in the event of fluctuations in temperature or humidity, smoke, fires, hardware error messages, and unauthorized access or entry.
Precautions to prevent attacks
Once you have found a suitable location for your servers, it is then a matter of setting them up in a secure fashion. In particular, you will want to make sure you have a constant overview of your servers, and take precautionary measures by closing security loopholes and gateways. An attacker should be given as few attack options as possible.
Minimal systems
The simpler the system, the less prone it is to errors and the fewer software errors and loopholes you will have to fix. Servers, too, should be configured in as simple and transparent a way as possible. Their hardware, services, and operating system should be geared towards performing concrete tasks. The more complex the system, the harder it is to maintain an overview – and the more likely loopholes will go overlooked.
You should therefore only use those hardware components that are absolutely necessary for the functioning of your business. The operating system must be configured properly, services clearly related to the business and its purpose, and interfaces to the Internet kept to a minimum. If hardware components, services, or interfaces are no longer needed, then they should be uninstalled or closed.
Rights management
As employees (and their devices and accounts) can attract the attention of hackers, they should only have access to the services and data they are authorized to use, and only obtain the rights they need to complete their tasks.
Various rights are therefore assigned to different user accounts, and define the areas which users can access and the operations (read, write, and execute) they can perform. Regular users, for example, should not receive administrator rights. Rights management makes servers more secure. On the one hand, inexperienced users are unable to accidentally cause damage, while on the other, hackers cannot infiltrate key areas by hacking user accounts.
In general, the configuration of rights takes place via a central user management system that is accessible by the server. Examples include the directory services LDAP (Lightweight Directory Access Protocol) and Microsoft Active Directory. A central management system is less prone to error, but must also be properly secured. Data transmission between the client and server must be encrypted, otherwise attackers will be able to read passwords. Consider using Secure LDAP (LDAPS) instead of the unencrypted version of LDAP.
Employee training
If all rights have been assigned properly, then you’ve already gone a long way in protecting client machines from potential attacks. It’s not possible to eliminate attacks completely, for employees need interfaces for their business processes (which include everything from simple searches to email traffic and access to the business account). Employees should therefore be taught how to go about handling devices, accounts, and user rights. They should also learn how to spot an attack, as well as help prevent them.
One hacker method for targeting employees is called “social engineering.” Social engineering occurs when people are influenced to behave in a certain way, such as disclosing their passwords and other confidential information or clicking on a link that allows malware to be installed on their machine.
Such a scam may involve a call from a “service technician” who urgently needs to access your data. Another version involves the use of phishing emails which urge employees to surf to a certain page, thereby allowing a hacker to obtain their login information or infect their computers. Phishing is usually performed on a large scale: if thousands of emails are sent, then at least one recipient is bound to click on the link and thus hand over access to the company network. “Spear phishing” is a special type of phishing that uses legitimate-looking emails to target specific groups.
Employees play key roles in improving the security of your servers and network. They should be made familiar with topics such as phishing, secure passwords, and responsible behavior at the workplace. Sometimes leaving a guest alone in front of a computer is all it takes to put the company at risk.
Software updates
Software – from firmware to the business tool – can also put the company at risk. Programming errors can be behind security loopholes as well as other flaws. Exploits take advantage of these weak spots to first gain access to the network and servers and then obtain secret company information or embed malware.
At the same time, professionals gather exploits into “exploit kits,” provide them with an easy-to-use interface, and sell them to interested hackers. In this way, a large range of potential weak spots can be “run through” with little to no effort at all.
If weak spots are uncovered, they should be eliminated by way of countermeasures or security updates that are automatically distributed to all the workstations in the company. By doing so, you’ll at least be sure to close all the known gateways. But the risk still remains that the hacker is one step ahead of the manufacturer and the IT security department.
Memory protection devices and memory randomization
Even a program that runs without visible errors can give a hacker a way in, because inadequate memory management can pose a security risk. This is the case when the reserved memory is too small for the volume of data. The resulting buffer overflows can cause data to be written into other memory regions, which can subsequently damage programs and other data. Hackers take advantage of this situation to selectively crash programs or embed program code.
To prevent programs from being run in unauthorized memory regions, think of installing a memory protection device (Executable Space Protection, or “ESP”). While some operating systems can do this without hardware support, certain processors come with hardware that supports ESP.
But even ESP has loopholes. If attackers understand the program structure, they can use a buffer overflow to crash the program (e.g. by overwriting the data in the buffer). Memory randomization (Address Space Layout Randomization, ASLR) can help prevent such attacks. As its name suggests, ASLR arranges address spaces randomly.
The securing of remote connections
More and more companies rely on remote administration – via the local network or Internet – to manage their servers. Remote administration is helpful for quickly identifying problems and determining if threshold values have been exceeded. Faster information lets you take faster action and limit potentially negative consequences. As a result, systems distributed throughout the entire world can be monitored and managed from one central location.
Remote management interfaces can also query the status of hardware if the system is shut down, and thus do not rely on operating systems. With a remote management interface, the system can be restarted from afar (and shut down again). The only requirement is a connection to the power supply. The Intelligent Platform Management Interface (IPMI) works with the hardware of any manufacturer. It can query the statuses of power supplies, processors, fans, and hard drives. There are also manufacturer-specific interfaces.
Regardless of the interface, it’s important that the connection be secure and encrypted to prevent data from being queried by unauthorized persons and ensure unknown third parties do not gain control of the system. A hacker with access to this connection can shut down your hardware completely.
Trusted by 500,000 users and recognized
by industry analysts as a leader
“Fantastic network and infrastructure monitoring solution that is easy to deploy and easier still to use. Simply the best available.”
“Software is absolutely perfect, Support is superior. Meets all needs and requirements, this is a must have solution if you are needing any form of monitoring.”
“The tool excels at its primary focus of being a unified infrastructure management and network monitoring service.”
Warding off attackers
A server’s need for protection is proportional to the number of ways it can be accessed from the outside. SMTP, web, and mail servers swap data directly with the Internet, which makes it easy for malware to infiltrate. On the other hand, databases, LDAP servers, and other internal network servers are not so easy to attack. These components are only at risk if malware goes unnoticed and is able to propagate within the internal network.
Attackers should not be given the chance to penetrate the company network via open interfaces. Attack routes include open and unsecured ports, conventional email attachments with viruses, and Trojan horses or drive-by attacks via malware-infected websites. Firewalls, intrusion detection systems, and antivirus software are recommended for blocking these routes.
How to keep your system safe
Firewalls
A firewall is a server’s first line of defense. It protects interfaces to the Internet from unwanted intruders. Firewalls analyze incoming and outgoing traffic, and decide whether this data should be permitted or forbidden. These decisions are made in accordance with a predefined set of rules that take the sender, destination, and services into account.
Virus scanners
Antivirus software should be installed to defend against viruses and other malware. This software tests data arriving at the Application Level Gateway (ALG) and email server. To root out malware that is detected later (e.g. once a signature becomes available), another inspection is performed on the file server and other internal servers. Clouds should also be checked on a regular basis. Your company may use a variety of different programs and search engines. To prevent these from getting in the way, they should not be run on the same system.
“The greatest advantage of PRTG? You get to rest easy.“
Steffen Ille, Bauhaus-University of Weimar, Germany
Damage control
If hackers are able to gain access to the server system despite your taking preventive measures and monitoring open interfaces, these hackers must be sniffed out immediately and allowed to cause as little damage as possible. To stop a hacker, you must secure all sensitive areas and continually check ongoing processes for malware.
Intrusion detection/prevention systems (IDS/IPS)
Intrusion detection systems (IDSs) use traffic communication patterns to identify malware. They mirror the data that passes through switches, and inspect this data for suspicious elements. Intrusion prevention systems (IPSs) can also be used to get rid of malware.
Encryption
If – despite all your precautionary measures and monitoring – an intruder still manages to gain access to the server (and its network), your data should at the very least be encrypted. You can choose to encrypt entire hard drives, individual partitions, directories, or just certain sensitive data. Hackers then cannot, for example, read passwords in plain text.
TPMs (trusted platform modules)
If your server hardware has a trusted platform module (TPM) as part of its mainboard, then this module can also be used to increase the security of your servers. The module has two functions: create/store cryptographic keys and generate random numbers. These keys and random numbers never leave the TPM. As a result, access by malware or a third party is impossible. Before installing a TPM, make sure it is compatible with your operating system.
Integrity checks
Integrity checks are used to identify unintentional modifications, or those that are performed on purpose by a hacker. During an integrity check, a service monitors access to a file and is activated in the event of a modification. The server status is then compared with a status that was recorded before the check began.
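The comparison step described above, as an added example that is not part of the original page or of PRTG: it records a SHA-256 digest and the permission bits for every file in a directory tree, then reports what differs from that recorded status. The directory tree and file names are constructed for the demonstration, and the event-driven trigger the paragraph mentions is not shown.

```python
import hashlib
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Record (digest, permission bits) for every regular file below root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # this example tracks regular files only
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            state[rel] = (file_digest(path), os.stat(path).st_mode & 0o7777)
    return state


def compare(baseline, current):
    """Compare the current status with the status recorded earlier."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p][0] != current[p][0]),
        "mode_changed": sorted(p for p in common if baseline[p][1] != current[p][1]),
    }


def demo():
    """Build a constructed directory tree, change it, and return the report."""
    def write(root, rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(data)
        return path

    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/app.conf", "listen=127.0.0.1\n")
        old = write(root, "etc/old.conf", "unused=1\n")
        tool = write(root, "bin/tool.sh", "#!/bin/sh\necho ok\n")
        os.chmod(tool, 0o750)
        baseline = snapshot(root)  # in practice stored off-host or read-only

        write(root, "etc/app.conf", "listen=0.0.0.0\n")  # content changed
        os.remove(old)                                   # file deleted
        write(root, "bin/dropped.sh", "#!/bin/sh\n")     # new file appeared
        os.chmod(tool, 0o777)                            # permissions widened
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline is only trustworthy if an intruder on the server cannot rewrite it, so it belongs on a separate system or read-only medium.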
Logging
The server’s operating system and services record all important events in logs. These events include status and error messages, as well as logs of when services are run or stopped. Logs should be analyzed regularly to uncover loopholes and attacks, which can easily be spotted by unusual-looking data.
Monitoring
Monitoring software is a fundamental part of any server security system. After all, what good is a firewall, antivirus software, or backup software if they malfunction or crash? With a monitoring tool, you can monitor all your security tools and be informed of glitches automatically.
Thanks to regular status checks, you’ll always know if your hardware, operating systems, and services are up and running. You usually also get access to a centralized management console, which you can use, among other things, to check traffic for anomalies.
SNMP (Simple Network Management Protocol)
The SNMP network protocol is the easiest and most resource-efficient monitoring method. SNMP configures, manages, and monitors network components (servers, routers, switches, and printers), and reads system variables, temperature sensors, memory usage data, and much more.
SNMP versions 1 and 2 offer nearly no security at all; SNMP v1 sends data such as passwords in clear text. Version 3 is the first to include important security mechanisms for authentication, encryption, and access control.
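An added example, not from the original page or from PRTG, that audits an SNMP agent configuration for the weaknesses described above. It assumes the agent is Net-SNMP and uses its snmpd.conf directives (rocommunity, rwcommunity, com2sec, rouser, rwuser); both sample configurations are constructed.

```python
# Net-SNMP directives that enable SNMP v1/v2c access via a community string.
COMMUNITY_RO = {"rocommunity", "rocommunity6", "com2sec", "com2sec6"}
COMMUNITY_RW = {"rwcommunity", "rwcommunity6"}
# Directives that grant access to an SNMPv3 user at a given security level.
V3_USER = {"rouser", "rwuser"}

# Constructed sample: v1/v2c communities plus v3 users without encryption.
WEAK_CONF = """\
# legacy monitoring access
rocommunity public
rwcommunity s3cret 10.0.0.0/24
rouser monitor noauth
rouser backup auth
"""

# Constructed sample: one SNMPv3 user, authentication and encryption required.
HARDENED_CONF = """\
createUser monitor SHA "example-auth-passphrase" AES "example-priv-passphrase"
rouser monitor priv
"""


def audit_snmpd_conf(text):
    """Return (line number, finding code, detail) for each risky directive.

    Community strings are never copied into the findings, so the report
    itself does not leak them.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_RO:
            findings.append((lineno, "cleartext-community",
                             directive + ": v1/v2c community sent in clear text"))
        elif directive in COMMUNITY_RW:
            findings.append((lineno, "cleartext-community-rw",
                             directive + ": clear-text community with write access"))
        elif directive in V3_USER:
            if len(args) >= 2 and args[0] == "-s":
                args = args[2:]  # skip the optional "-s SECMODEL" pair
            if not args:
                continue
            user = args[0]
            # Net-SNMP defaults to "auth" when no level is given.
            level = args[1].lower() if len(args) > 1 else "auth"
            if level == "noauth":
                findings.append((lineno, "v3-noauth",
                                 "user " + user + ": no authentication, no encryption"))
            elif level == "auth":
                findings.append((lineno, "v3-no-encryption",
                                 "user " + user + ": authenticated but not encrypted"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for finding in audit_snmpd_conf(conf):
            print("  line %d: %s (%s)" % finding)
```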
WBEM (Web Based Enterprise Management)
WBEM is used to manage network and system resources (e.g. hardware, software, users). Its Common Information Model (CIM) defines standard interfaces which make it possible to access the devices and applications of various different manufacturers. CIM – like SNMP – lets you retrieve the configurations of devices and modify their settings.
All data is usually sent via HTTP (Hypertext Transfer Protocol). The advantage of HTTP is that SSL (HTTPS) can also be used for the encryption of transferred data. Windows Management Instrumentation (WMI) is a well-known implementation of WBEM.
Server security monitoring with PRTG
Servers are the backbones of every IT infrastructure. Without them, companies cannot conduct their business. PRTG network monitoring software warns you in the event of malfunctions and incidents which can put the security of your network and servers at risk. PRTG checks to make sure your firewalls, virus scanners, security software, and backups are up and running. It can also inform you if someone accesses the server room who isn’t authorized to do so. PRTG comes with a number of functions that can help you increase the security of your servers.
With PRTG, your network is in good hands
Proactive and quick to sound the alarm
PRTG ensures system failures are kept as short as possible – or prevented in advance. Its built-in alarm system will send you an alert by email, SMS, or push notification at the slightest sign of a problem.
With PRTG, all notification threshold values are customizable. Sysadmins are therefore informed before a bottleneck causes a crash or other damage. In the event of a server error, PRTG notifies you at once.
An all-in-one IT monitoring solution
PRTG monitors your network’s entire IT infrastructure: processors, RAM, fans, power supplies, servers, storage devices, connected devices (e.g. routers, computers, and printers), traffic, and much more. With our all-in-one monitoring tool PRTG, you can do away with the weak spots that tend to crop up when using a variety of different programs.
Whether you have just a few servers or a gigantic server farm, PRTG adapts to the size of your server landscape. All PRTG licenses are customizable. Even virtual servers are recognized automatically and incorporated into your monitoring environment.
Facilitate capacity planning and process optimization
PRTG helps you get a handle on your capacity planning. Its comprehensive server monitoring allows sysadmins to promptly recognize when it’s time for an upgrade.
PRTG comes with a dashboard that displays all monitoring data on customizable, easy-to-read charts. Another feature: extensive reports, which back information obtained from colleagues and management, the planning of new purchases, and the company’s process optimization plan.
Measurement methods
PRTG uses SNMP, packet sniffing, and NetFlow to measure network traffic.
- SNMP makes it possible to monitor all the traffic in your network, and to sort this traffic by port. SNMP is the easiest and most resource-efficient option.
- Packet sniffing and NetFlow (or sFlow and jFlow), meanwhile, provide for more detailed network traffic analysis. These methods can also be used to sort and filter network traffic by IP address or protocol.
8 reasons why PRTG monitoring makes servers more secure
In PRTG, “sensors” are the basic monitoring elements. One sensor usually monitors one measured value in your network, e.g. the traffic of a switch port, the CPU load of a server, the free space of a disk drive. On average you need about 5-10 sensors per device or one sensor per switch port.
All-in-one server monitoring software
PRTG effectively monitors all the parameters linked to server security in your monitoring environment. Problems can therefore be found – and solved – much faster. And this is true even if the cause of the damage cannot be traced back to the server itself.
Server security data at a glance
An easy-to-read dashboard gives sysadmins the best possible overview of their monitoring data. All data can be mixed and matched to get a better idea of possible correlations.
Customize sensors and alerts to sniff out danger
The powerful PRTG API lets you customize your monitoring to best meet the needs of your company’s IT infrastructure. Individual sensors can be modified with a few quick clicks. Alarms are tailor-made to perfectly anticipate risks.
Identify bottlenecks and other traffic problems
NetFlow and packet sniffing allow sysadmins to immediately spot potential network bottlenecks and unusual spikes in traffic. If you have cause for suspicion, you can isolate computers or disable applications one by one.
Reduce risks and complexity with centralized monitoring
PRTG lets you bypass the risks you'll encounter while using a combination of monitoring tools, by doing away with compatibility problems and keeping weak spots to a minimum. With PRTG, things get overlooked less.
An early warning system for suspicious activity
PRTG records and retraces anomalies – and alerts sysadmins automatically. Furthermore, with PRTG, hackers who have already infiltrated the network are prevented from causing additional damage.
Prevent security tools from crashing
PRTG notifies you in the event that firewalls, antivirus software, or other security tools are about to crash. It also lets you know if a backup is faulty. You can therefore take action before more serious problems arise.
Secure your ports
PRTG allows sysadmins to ascertain the extent to which their ports are protected by SSL/TLS.
PRTG makes your job easier
Our monitoring software frees you to focus on other tasks by promptly notifying you of potential issues.
Save effort
PRTG gives you one central monitoring tool for your servers and entire network. Enjoy a quick overview of your whole infrastructure via our dashboard and app.
Save time
Getting started with PRTG is a breeze. Setting up or switching from another network monitoring tool is easy thanks to the auto-discovery and pre-configured device templates.
Save money
80% of our customers report substantial cost savings with network monitoring. Your costs of licenses will likely pay for themselves within weeks.

Want to learn more about PRTG? Please do!
PRTG comes with sensors for web servers, database servers, file servers, virtual servers, and many more. All sensors can be customized for your own particular fleet.
More information:
- Server monitoring
- Server room monitoring
- Hardware monitoring
- Traffic monitoring
- Firewall monitoring
- Virus scanner monitoring
- Backup monitoring
- Syslog monitoring
- Cloud monitoring
“Easy to implement and configure with good technical support.”
R. v. S., ICT Manager at Heinen & Hopman Eng BV
PRTG: The multi-tool for sysadmins
Adapt PRTG individually and dynamically to your needs and rely on a strong API:
- HTTP API: Access monitoring data and manipulate monitoring objects via HTTP requests
- Custom sensors: Create your own PRTG sensors for customized monitoring
- Custom notifications: Create your own notifications and send action triggers to external systems
- REST Custom sensor: Monitor almost everything that provides data in XML or JSON format
Still not convinced?
More than 500,000 sysadmins love PRTG
Paessler PRTG is used by companies of all sizes. Sysadmins love PRTG because it makes their job a whole lot easier.
Monitor your entire IT infrastructure
Bandwidth, servers, virtual environments, websites, VoIP services – PRTG keeps an eye on your entire network.
Try Paessler PRTG for free
Everyone has different monitoring needs. That’s why we let you try PRTG for free. Start now with your trial.
PRTG: Network Monitoring Software - Version 23.2.84.1566 (May 24th, 2023)
Hosting: Download for Windows and cloud-based version PRTG Hosted Monitor available
Languages: English, German, Spanish, French, Portuguese, Dutch, Russian, Japanese, and Simplified Chinese
Pricing: Up to 100 sensors for free (Price List)
Unified Monitoring: Network devices, bandwidth, servers, applications, virtual environments, remote systems, IoT, and more